CVE-2012-2654

Currently unrated

Key Information:

Vendor: Openstack
Status: Compute; Essex; Diablo
Vendor: CVE Published:; 21 June 2012

Summary

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

References

http://secunia.com/advisories/46808

third-party-advisoryx_refsource_SECUNIA

https://review.openstack.org/#/c/8239/

x_refsource_CONFIRM

https://github.com/openstack/nova/commit/9f9e9da777161426...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 21, 2012
Vulnerability Reserved
May 14, 2012